Markus Koschany pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
0976f993 by Markus Koschany at 2020-09-09T23:13:48+02:00
Remove no-dsa tags for upcoming libxml2 update.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -41696,7 +41696,6 @@ CVE-2020-7596 (Codecov npm module before 3.6.2 allows
remote attackers to execut
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an
infini ...)
- libxml2 2.9.10+dfsg-2.1 (bug #949582)
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices
allow remo ...)
@@ -41952,7 +41951,6 @@ CVE-2019-20389 (An XSS issue was identified on the
Subrion CMS 4.2.1 /panel/conf
CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an
xmlSchemaV ...)
- libxml2 2.9.10+dfsg-2.1 (bug #949583)
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/7ffcd44d7e6c46704f8af0321d9314cd26e0e18a
CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a
heap-ba ...)
@@ -51203,7 +51201,6 @@ CVE-2019-19956 (xmlParseBalancedChunkMemoryRecover in
parser.c in libxml2 before
[experimental] - libxml2 2.9.10+dfsg-1
- libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/82
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/5a02583c7e683896d84878bd90641d8d9b0d0549
(v2.9.10-rc1)
CVE-2019-19955
@@ -131204,7 +131201,6 @@ CVE-2018-14567 (libxml2 2.9.8, if --with-lzma is
used, allows remote attackers t
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <postponed> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/13 (not public yet)
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/2240fbf5912054af025fb6e01e26375100275e74
CVE-2018-14566
@@ -131699,7 +131695,6 @@ CVE-2018-14404 (A NULL pointer dereference
vulnerability exists in the xpath.c:x
[experimental] - libxml2 2.9.9+dfsg1-1~exp1
- libxml2 2.9.10+dfsg-2 (low; bug #901817)
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <no-dsa> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/5
NOTE: https://gitlab.gnome.org/GNOME/libxml2/issues/10
NOTE:
https://gitlab.gnome.org/GNOME/libxml2/commit/a436374994c47b12d5de1b8b1d191a098fa23594
@@ -145514,7 +145509,6 @@ CVE-2017-18258 (The xz_head function in xzlib.c in
libxml2 before 2.9.6 allows r
[experimental] - libxml2 2.9.7+dfsg-1
- libxml2 2.9.10+dfsg-2 (low; bug #895245)
[buster] - libxml2 <no-dsa> (Minor issue)
- [stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for
upstream bug 794914)
[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for
upstream bug 794914)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
NOTE: Fixed by:
https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
@@ -197732,7 +197726,6 @@ CVE-2017-8873
RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2
2.9.4 all ...)
- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
- [stretch] - libxml2 <no-dsa> (Minor issue)
[jessie] - libxml2 <no-dsa> (Minor issue)
[wheezy] - libxml2 <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0976f9932ac0e4422aedb56147ff6c9937458f19
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
